IN THE CLAIMS:

Please amend the claims as follows: 

1. (Currently Amended) A method for authenticating a user, comprising:

obtaining an asserted identity of said user;

obtaining a random subset of questions that said user has previously answered, wherein a correlation between said user and said previously answered questions does not violate one or more predefined correlation rules; and

presenting one or more questions to said user from said random subset of questions until a predefined security threshold is satisfied, wherein said user is authenticated when said predefined security threshold is satisfied.

2. (Original) The method of claim 1, wherein said predefined security threshold is based on a sum of security weights of correctly answered questions.

3. (Original) The method of claim 1, wherein one or more of said questions are directed to an opinion of said user.

4. (Original) The method of claim 1, wherein one or more of said questions are directed to a trivial fact.

5. (Original) The method of claim 1, wherein one or more of said questions are directed to an indirect fact.

6. (Original) The method of claim 1, further comprising the step of presenting said user with a larger pool of potential questions for selection of one or more questions to answer.

7. (Original) The method of claim 6, further comprising the step of ensuring that said questions selected by said user meet predefined criteria for topic distribution.

8. (Original) The method of claim 6, wherein said larger pool of potential questions are selected to be attack resistant.

9. (Original) The method of claim 1, wherein said one or more predefined correlation rules ensure that answers to user selected questions cannot be qualitatively correlated with said user.

10. (Original) The method of claim 1, wherein said one or more predefined correlation rules ensure that answers to user selected questions cannot be quantitatively correlated with said user.

11. (Original) The method of claim 1, further comprising the step of requiring said user to have a second factor.

12. (Original) The method of claim 11, wherein said second factor is a required possession of a given device.

13. (Original) The method of claim 11, wherein said second factor is a required personal identification number.

14. (Original) The method of claim 11, wherein said second factor is a computer file, wallet card, or piece of paper on which is written the user's selected questions and corresponding question indices.

15. (Original) The method of claim 11, wherein said second factor is a computer file, wallet card, or piece of paper on which is written the user's selected questions and corresponding question indices.

16. (Original) The method of claim 1, wherein said questions from said random subset of questions are presented to said user in a random order.

17. (Original) The method of claim 1, wherein said questions are presented to said user in the form of an index identifying each question.

18. (Original) The method of claim 1, wherein answers to said questions are received from said user in the form of an index identifying each answer.

19. (Original) The method of claim 16, wherein said index identifying each answer can be aggregated to form a password.

20. (Original) The method of claim 16, wherein a portion of each answer can be aggregated to form a password.

21. (Original) The method of claim 1, further comprising the step of storing an indication of said subset of questions on a device or a wallet card or a piece of paper associated with said user.

22. (Currently Amended) An apparatus for authenticating a user, comprising:

a memory; and

at least one processor, coupled to the memory, operative to:

obtain an asserted identity of said user;






502078-A-01-US (Bagga) 



obtain a random subset of questions that said user has previously answered, wherein a correlation between said user and said previously answered questions does not violate one or more predefined correlation rules; and

present one or more questions to said user from said random subset of questions until a predefined security threshold is satisfied, wherein said user is authenticated when said predefined security threshold is satisfied.

23. (Original) The apparatus of claim 20, wherein said predefined security threshold is based on a sum of security weights of correctly answered questions.

24. (Original) The apparatus of claim 20, wherein one or more of said questions are directed to an opinion of said user.

25. (Original) The apparatus of claim 20, wherein one or more of said questions are directed to a trivial fact.

26. (Original) The apparatus of claim 20, wherein one or more of said questions are directed to an indirect fact.

27. (Original) The apparatus of claim 20, wherein said processor is further configured to ensure that questions selected by said user meet predefined criteria for topic distribution.

28. (Original) The apparatus of claim 20, wherein said one or more predefined correlation rules ensure that answers to user selected questions cannot be qualitatively correlated with said user.

29. (Original) The apparatus of claim 20, wherein said one or more predefined correlation rules ensure that answers to user selected questions cannot be quantitatively correlated with said user.

30. (Original) The apparatus of claim 20, wherein said questions from said random subset of questions are presented to said user in a random order.

31. (Original) The apparatus of claim 20, wherein said processor is further configured to store an indication of said subset of questions on a device associated with said user.

32. (Currently Amended) An article of manufacture for authenticating a user, comprising a machine readable medium containing one or more programs which when executed implement the steps of:

obtaining an asserted identity of said user;

obtaining a random subset of questions that said user has previously answered, wherein a correlation between said user and said previously answered questions does not violate one or more predefined correlation rules; and

presenting one or more questions to said user from said random subset of questions until a predefined security threshold is satisfied, wherein said user is authenticated when said predefined security threshold is satisfied.
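
The flow recited in claims 1, 2 and 16 can be sketched as follows. This is an illustration added here, not code from the application: the function names, the salted PBKDF2 storage of answers, the `max_wrong` limit and the sample questions and weights are all assumptions, and the correlation rules of claim 1 are assumed to have been applied when the questions were enrolled.

```python
import hashlib, hmac, secrets

# Constructed sample enrollment data (not from the application).
SAMPLE_ANSWERS = {
    "Favourite season?": "autumn",
    "Colour of your first bicycle?": "green",
    "Preferred tea or coffee?": "tea",
    "Street where a grandparent lived?": "mill lane",
    "Best pizza topping?": "olives",
}
SAMPLE_WEIGHTS = {q: w for q, w in zip(SAMPLE_ANSWERS, (2, 2, 1, 3, 2))}

def _digest(answer, salt):
    # Normalise, then salted PBKDF2 so enrolled answers are not kept in clear.
    return hashlib.pbkdf2_hmac("sha256", answer.strip().lower().encode(), salt, 100_000)

def enroll(answers, weights):
    """Build the stored record: question -> (salt, answer digest, security weight)."""
    record = {}
    for question, answer in answers.items():
        salt = secrets.token_bytes(16)
        record[question] = (salt, _digest(answer, salt), weights[question])
    return record

def authenticate(record, respond, threshold, subset_size, max_wrong=1):
    """Ask from a random subset until correct-answer weights reach threshold."""
    rng = secrets.SystemRandom()
    # sample() picks without replacement and returns the picks in random order.
    subset = rng.sample(sorted(record), min(subset_size, len(record)))
    score, wrong, asked = 0, 0, []
    for question in subset:
        salt, stored, weight = record[question]
        asked.append(question)
        if hmac.compare_digest(_digest(respond(question), salt), stored):
            score += weight
        else:
            wrong += 1
            if wrong > max_wrong:  # assumption: the claims set no wrong-answer limit
                break
        if score >= threshold:
            return True, asked
    return False, asked  # subset exhausted or too many wrong answers
```

The threshold should be chosen so that an attacker who can guess only the low-weight questions in any subset cannot reach it.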